[OT] Tomcat 5 + j_security_check + login-error-page
Hello everybody, I am porting my application from Tomcat 4.1.29 to Tomcat 5.0.18. I have a Struts ForwardAction mapped to /Login.do that produces the page with login form. Form based authentication is set with the following fragment of the deployment descriptor: login-config auth-method FORM/auth-method form-login-config form-login-page /Login.do/form-login-page form-error-page /Login.do?error=true/form-error-page /form-login-config /login-config When the servlet is called with ?error=true query string it displays additional warning besides the login form. It was working perfectly in Tomcat 4.1.29 but it works in Tomcat 5.0.18 only in half: When user tries to access protected page he is presented with login page. If he enters valid login/password then he receives access to the resourse. But if the user enters invalid login/password then instead of form-error-page Tomcat displays the right page, but within the uri it says j_security_check instead of /Login.do?error=true. I have tried to set up AccessLogValve and RequestDumpValve and to set debug attribute on every element in servlet.xml and my context.xml (where applicable) in order to try to understand what is going on inside Tomcat 5, but no luck so far - request damp just shows that 1) there was request to protected resourse 2) Tomcat returned form-login-page 3) user sent it back with invalid login/password 4) Tomcat returned to j_security_check. I had expected that there should be output from Realm between 3) and 4) but there is not. So, at the moment the conclusion is that the code that worked perfectly in Tomcat 4.1.29 doesn 't work in Tomcat 5.0.18 and i don 't know why but i would be delighted if somebody will help me to find this out :) Thanks in advance! Cheers, Ronald - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Urgent: username case insensitive for j_security_check?
On 10/14/2003 06:06 AM Mick Knutson wrote: I guess I never thought about this, but all my usernames have not been entered in a case insensitive fashion. I can easily enough fix this in the Action Class to make everything lowercase, but how do I do this with the j_security_check form? I also need a solution that does not rely on JavaScript. Maybe I can use a filter? Hi Mick, a filter won't work. You won't be able to put anything between the browser submit and the container-managed authentication - it's completely tomcat and allows no programmatic interference. Can't you convert your user names with a script or something? Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Urgent: username case insensitive for j_security_check?
The issues is that I have seen the users that will be on my system. and they are already adding TheUserFromOhio as a username etc... Now I can always change everything to lower case when they register. But then I still have the issue about the login. And many of my users are Mac users, so I seem to have heaps of JavaScript issues. --- Thanks Mick Knutson The world is a playground...Play Hard, Play Smart. Visit http://www.YourSoS.com to learn how our Personal Emergency Alert Contact System can help you Play Smart. +00 1 (708) 570-2772 Fax MSN: mickknutson ICQ: 316498480 ICQ URL: http://wwp.icq.com/316498480 --- - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 12:53 AM Subject: Re: Urgent: username case insensitive for j_security_check? On 10/14/2003 06:06 AM Mick Knutson wrote: I guess I never thought about this, but all my usernames have not been entered in a case insensitive fashion. I can easily enough fix this in the Action Class to make everything lowercase, but how do I do this with the j_security_check form? I also need a solution that does not rely on JavaScript. Maybe I can use a filter? Hi Mick, a filter won't work. You won't be able to put anything between the browser submit and the container-managed authentication - it's completely tomcat and allows no programmatic interference. Can't you convert your user names with a script or something? Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Urgent: username case insensitive for j_security_check?
Mick, it depends on your login framework. Are you using a tomcat realm or have you rolled your own? If you are using a JDBC realm with a database, you could change the query to make the conversion, for instance. Adam On 10/14/2003 04:06 PM Mick Knutson wrote: The issues is that I have seen the users that will be on my system. and they are already adding TheUserFromOhio as a username etc... Now I can always change everything to lower case when they register. But then I still have the issue about the login. And many of my users are Mac users, so I seem to have heaps of JavaScript issues. --- Thanks Mick Knutson The world is a playground...Play Hard, Play Smart. Visit http://www.YourSoS.com to learn how our Personal Emergency Alert Contact System can help you Play Smart. +00 1 (708) 570-2772 Fax MSN: mickknutson ICQ: 316498480 ICQ URL: http://wwp.icq.com/316498480 --- - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 12:53 AM Subject: Re: Urgent: username case insensitive for j_security_check? On 10/14/2003 06:06 AM Mick Knutson wrote: I guess I never thought about this, but all my usernames have not been entered in a case insensitive fashion. I can easily enough fix this in the Action Class to make everything lowercase, but how do I do this with the j_security_check form? I also need a solution that does not rely on JavaScript. Maybe I can use a filter? Hi Mick, a filter won't work. You won't be able to put anything between the browser submit and the container-managed authentication - it's completely tomcat and allows no programmatic interference. Can't you convert your user names with a script or something? -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Urgent: username case insensitive for j_security_check?
Currently I am just using the JBoss framework, and have not done my own. --- Thanks Mick Knutson The world is a playground...Play Hard, Play Smart. Visit http://www.YourSoS.com to learn how our Personal Emergency Alert Contact System can help you Play Smart. +00 1 (708) 570-2772 Fax MSN: mickknutson ICQ: 316498480 ICQ URL: http://wwp.icq.com/316498480 --- - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 7:27 AM Subject: Re: Urgent: username case insensitive for j_security_check? Mick, it depends on your login framework. Are you using a tomcat realm or have you rolled your own? If you are using a JDBC realm with a database, you could change the query to make the conversion, for instance. Adam On 10/14/2003 04:06 PM Mick Knutson wrote: The issues is that I have seen the users that will be on my system. and they are already adding TheUserFromOhio as a username etc... Now I can always change everything to lower case when they register. But then I still have the issue about the login. And many of my users are Mac users, so I seem to have heaps of JavaScript issues. --- Thanks Mick Knutson The world is a playground...Play Hard, Play Smart. Visit http://www.YourSoS.com to learn how our Personal Emergency Alert Contact System can help you Play Smart. +00 1 (708) 570-2772 Fax MSN: mickknutson ICQ: 316498480 ICQ URL: http://wwp.icq.com/316498480 --- - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 12:53 AM Subject: Re: Urgent: username case insensitive for j_security_check? On 10/14/2003 06:06 AM Mick Knutson wrote: I guess I never thought about this, but all my usernames have not been entered in a case insensitive fashion. I can easily enough fix this in the Action Class to make everything lowercase, but how do I do this with the j_security_check form? I also need a solution that does not rely on JavaScript. Maybe I can use a filter? Hi Mick, a filter won't work. You won't be able to put anything between the browser submit and the container-managed authentication - it's completely tomcat and allows no programmatic interference. Can't you convert your user names with a script or something? -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
requested url within the j_security_check call?
When I get a logon form up from a secured area request, and the user adds a wrong username or password. They get an error logon form to re-logon. But then they get forwarded to the main home page, not their requested URL. How can I get that requested URL when inside the errorLogon.jsp page I created so I can then forward them to the correct page? --- Thanks Mick Knutson The world is a playground...Play Hard, Play Smart. Visit http://www.YourSoS.com to learn how our Personal Emergency Alert Contact System can help you Play Smart. +00 1 (708) 570-2772 Fax MSN: mickknutson ICQ: 316498480 ICQ URL: http://wwp.icq.com/316498480 ---
Re: requested url within the j_security_check call?
On 10/13/2003 10:04 PM Mick Knutson wrote: When I get a logon form up from a secured area request, and the user adds a wrong username or password. They get an error logon form to re-logon. But then they get forwarded to the main home page, not their requested URL. How can I get that requested URL when inside the errorLogon.jsp page I created so I can then forward them to the correct page? Hi Mike, as long as you submit to j_security_check you shouldn't need to do what you want to do. Tomcat will keep your original request on stand-by until the login succeeds. I.e. you must be doing something wrong somewhere ;) Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Urgent: username case insensitive for j_security_check?
I guess I never thought about this, but all my usernames have not been entered in a case insensitive fashion. I can easily enough fix this in the Action Class to make everything lowercase, but how do I do this with the j_security_check form? I also need a solution that does not rely on JavaScript. Maybe I can use a filter? --- Thanks Mick Knutson The world is a playground...Play Hard, Play Smart. Visit http://www.YourSoS.com to learn how our Personal Emergency Alert Contact System can help you Play Smart. +00 1 (708) 570-2772 Fax MSN: mickknutson ICQ: 316498480 ICQ URL: http://wwp.icq.com/316498480 ---
Re: requested url within the j_security_check call?
It could be that there is a broken image reference or something (stylesheet, etc.) in the login error page that is requesting a protected resource. That request may reset the URL that the container is holding onto to send the user to, so that they get sent to the wrong place when their login succeeds. If requesting that bad image would send you to the main home page if you were logged in, that might be your problem. The Page Info feature on Netscape or Mozilla is a useful tool for finding bad images references. Scan the list of images for a bad URL. If your login and error pages are good, you shouldn't have to do anything to send the user where they were going. The container does that for you. -Max - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, October 13, 2003 1:39 PM Subject: Re: requested url within the j_security_check call? On 10/13/2003 10:04 PM Mick Knutson wrote: When I get a logon form up from a secured area request, and the user adds a wrong username or password. They get an error logon form to re-logon. But then they get forwarded to the main home page, not their requested URL. How can I get that requested URL when inside the errorLogon.jsp page I created so I can then forward them to the correct page? Hi Mike, as long as you submit to j_security_check you shouldn't need to do what you want to do. Tomcat will keep your original request on stand-by until the login succeeds. I.e. you must be doing something wrong somewhere ;) Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check
So I have got the demo to work, so I copied the .xml and java files accross to my own project and I get this javax.servlet.exception Error matching patterns Any idea what that is? I set it up the same as with the Catalina example. As in '/*' in web.xml and '/index.jsp' in security filter. Thanks in advance. Ronan. On Déardaoin, Már 20, 2003, at 00:20 Etc/GMT, Max Cooper wrote: You can also use SecurityFilter, a filter-based clone of container-managed security. It allows you to set a default page to take users to when they log in out of the blue. Container-managed security doesn't allow such login requests. http://securityfilter.sourceforge.net/ -Max - Original Message - From: Scott Barr [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 4:12 PM Subject: Re: j_security_check Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check
Ronan, Please post the exception stack trace, or perhaps better yet, email your securityfilter-config.xml and the stack trace to me and I'll help track the problem down. It is likely that something is amiss in the securityfilter-config.xml file, so a quick (but careful) check of any areas you may have changed when setting it up for your app might get you to a solution the fastest. -Max - Original Message - From: ronanoc [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, March 31, 2003 5:38 AM Subject: Re: j_security_check So I have got the demo to work, so I copied the .xml and java files accross to my own project and I get this javax.servlet.exception Error matching patterns Any idea what that is? I set it up the same as with the Catalina example. As in '/*' in web.xml and '/index.jsp' in security filter. Thanks in advance. Ronan. On Déardaoin, Már 20, 2003, at 00:20 Etc/GMT, Max Cooper wrote: You can also use SecurityFilter, a filter-based clone of container-managed security. It allows you to set a default page to take users to when they log in out of the blue. Container-managed security doesn't allow such login requests. http://securityfilter.sourceforge.net/ -Max - Original Message - From: Scott Barr [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 4:12 PM Subject: Re: j_security_check Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
j_security_check
I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org
Re: j_security_check
Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org
Re: j_security_check
You can also use SecurityFilter, a filter-based clone of container-managed security. It allows you to set a default page to take users to when they log in out of the blue. Container-managed security doesn't allow such login requests. http://securityfilter.sourceforge.net/ -Max - Original Message - From: Scott Barr [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 4:12 PM Subject: Re: j_security_check Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check
Hi Max I've really got to investigate the securityfilter for my next project :) Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 10:50, Max Cooper wrote: You can also use SecurityFilter, a filter-based clone of container-managed security. It allows you to set a default page to take users to when they log in out of the blue. Container-managed security doesn't allow such login requests. http://securityfilter.sourceforge.net/ -Max - Original Message - From: Scott Barr [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 4:12 PM Subject: Re: j_security_check Hi Ronan You'll get this when you go directly to the page for the user to login. Instead, setup a resource that is protected by Container Managed Security eg. /userHome.do, which will then take you to your login page. Once login is successful, you will be fowarded on to /userHome.do Once you've got a logged in user via CMS, you can use Filters (if using a servlet 2.3 container) to make sure the users session is setup with all required objects. To log out, simply call session.invalidate() Regards Scott Barr www.exergonic.com.au On Thu, 2003-03-20 at 09:49, ronanoc wrote: I get this message when I am trying to login, and if I am already logged in too. Status 404 /mywebapp/j_security_check type Status report message /mywebapp/j_security_check description The requested resource (/mywebapp/j_security_check) is not available. How can I prevent this happening, and how can I logout, and log in again? Thanks. Ronan O'Ciosoig One Louder Recordings IRL Co. Dublin, Ireland. http://www.onelouder.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
j_security_check with LogonAction
Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I can forward the request from LogonAction to j_security_check but the request object will stay there and I can not forward again using mapping.findForward(success) to a different page since the response is already commited at that point. Is there a way to work around this? Marwan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check with LogonAction
2003. január 31. 01:06 dátummal MarwanSalam ezt írtad: Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I I have a filter which checks wheter the required information is or is not stored in session. If not, it loads and stores. Tib - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check with LogonAction
Hello, What I have done is like: 1) I forward the user to ActionClass after the LoginPage (not the default one but to the coustom one). 2) In this action class I set all the parameters that I require. 3) After this I forward the user to the j_security_check part. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 31, 2003 5:36 AM Subject: j_security_check with LogonAction Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I can forward the request from LogonAction to j_security_check but the request object will stay there and I can not forward again using mapping.findForward(success) to a different page since the response is already commited at that point. Is there a way to work around this? Marwan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: j_security_check with LogonAction
Hi I think the solution to this is to make LoginAction.do a protected resource. Any attempt to access LoginAction.do will cause your login page to be displayed and following sucessful authentication, you can complete the action in LoginAction.do - including forwards to your chosen page. db -Original Message- From: MarwanSalam [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 31 January 2003 00:06 To: [EMAIL PROTECTED] Subject: j_security_check with LogonAction Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I can forward the request from LogonAction to j_security_check but the request object will stay there and I can not forward again using mapping.findForward(success) to a different page since the response is already commited at that point. Is there a way to work around this? Marwan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: j_security_check with LogonAction
I usually create an ActionFilter that maps to the same url-pattern as my Action class. You can then set a userForm or token in the session if it's null, and that way you'll know if they just logged in or not. Seems to work pretty well for me. Here's an example: http://tinyurl.com/55an HTH, Matt -Original Message- From: MarwanSalam [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 5:06 PM To: [EMAIL PROTECTED] Subject: j_security_check with LogonAction Hi, I am trying to use j_security_check Servlet to authenticate users from a login.jsp. However, if I do this, I will not be able to take advantage of LogonAction class where I need to set certain session and request attributes. If I submit the logon form to LogonAction, I can forward the request from LogonAction to j_security_check but the request object will stay there and I can not forward again using mapping.findForward(success) to a different page since the response is already commited at that point. Is there a way to work around this? Marwan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
j_security_check
Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check from the following jsp form method=POST action=j_security_check trtd colspan=2/td/tr trtdbean:message key=login.page.form.email.label//tdtdinput type=text name=j_username/td/tr trtdbean:message key=login.page.form.password.label//tdtdinput type=password name=j_password/td/tr trtd colspan=2html:submitbean:message key=login.page.form.submit.label//html:submit/td/tr /form Its obvious that struts is trying to locate the action 'j_security_check' in the struts-config.xml file ... Is there a way I can get Struts to ignore this ( not look it up ) so that the container can capture this request? Darren. P.S. I DID search the archives with no lucl. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check
Dont use struts html:something tags inside your form. bean:message and such are ok. Otherwise, it thinks you want to use an ActionForm. Mike - Original Message - From: Darren Hill [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Monday, November 18, 2002 2:21 PM Subject: j_security_check Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check from the following jsp form method=POST action=j_security_check trtd colspan=2/td/tr trtdbean:message key=login.page.form.email.label//tdtdinput type=text name=j_username/td/tr trtdbean:message key=login.page.form.password.label//tdtdinput type=password name=j_password/td/tr trtd colspan=2html:submitbean:message key=login.page.form.submit.label//html:submit/td/tr /form Its obvious that struts is trying to locate the action 'j_security_check' in the struts-config.xml file ... Is there a way I can get Struts to ignore this ( not look it up ) so that the container can capture this request? Darren. P.S. I DID search the archives with no lucl. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: j_security_check
Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check This doesn't look right. Couple of possibilities I can think of. 1. Doublecheck that you have form based authentication enabled in your web.xml 2. Try changing your form to use /j_security_check -TPP -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check
2002-11-18, h keltezssel Darren Hill ezt rta: Wow. I had this working awesome ... now I get a I never had this phenomenon before however I use extension mapping so j_security_check never matches *.do. Tib -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: j_security_check
Darren, Try completely cleaning your login form of Struts tags. When you get that to work, add them back slowly to see which ones are giving the problem. I've found that I can put a login form using j_security_check inside a Struts tile, but using Struts tags caused problems for me of the sort you are having. I haven't gone deeper than that, it's something I want to figure out some day, but it works fine for now. (I'd like to go get a beer or out in the sunshine someday too, so you can imagine how this one stacks up on the list ;) hth, -b -Original Message- From: Darren Hill [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 2:21 PM To: 'Struts Users Mailing List' Subject: j_security_check Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check from the following jsp form method=POST action=j_security_check trtd colspan=2/td/tr trtdbean:message key=login.page.form.email.label//tdtdinput type=text name=j_username/td/tr trtdbean:message key=login.page.form.password.label//tdtdinput type=password name=j_password/td/tr trtd colspan=2html:submitbean:message key=login.page.form.submit.label//html:submit/td/tr /form Its obvious that struts is trying to locate the action 'j_security_check' in the struts-config.xml file ... Is there a way I can get Struts to ignore this ( not look it up ) so that the container can capture this request? Darren. P.S. I DID search the archives with no lucl. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: j_security_check
Thank you all for your input. I've found the problem ... the base tag in my HTML. One way I figured this out was, upon submitting from the form, there was no response from either my ActionServlet or RequestProssesor. Peculiar. Then I noticed the error I was receiving was trying to find the j_security_check some where other then what I put in the action. Anyway, I remove the base tag and all is well. Thanks again for everyone's input and thoughts. I hope this helps out other people. D. -Original Message- From: Brian Topping [mailto:[EMAIL PROTECTED]] Sent: November 18, 2002 9:48 PM To: Struts Users Mailing List Subject: RE: j_security_check Darren, Try completely cleaning your login form of Struts tags. When you get that to work, add them back slowly to see which ones are giving the problem. I've found that I can put a login form using j_security_check inside a Struts tile, but using Struts tags caused problems for me of the sort you are having. I haven't gone deeper than that, it's something I want to figure out some day, but it works fine for now. (I'd like to go get a beer or out in the sunshine someday too, so you can imagine how this one stacks up on the list ;) hth, -b -Original Message- From: Darren Hill [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 2:21 PM To: 'Struts Users Mailing List' Subject: j_security_check Wow. I had this working awesome ... now I get a HTTP ERROR: 404 Not Found RequestURI=/CMWeb/WEB-INF/pages/j_security_check from the following jsp form method=POST action=j_security_check trtd colspan=2/td/tr trtdbean:message key=login.page.form.email.label//tdtdinput type=text name=j_username/td/tr trtdbean:message key=login.page.form.password.label//tdtdinput type=password name=j_password/td/tr trtd colspan=2html:submitbean:message key=login.page.form.submit.label//html:submit/td/tr /form Its obvious that struts is trying to locate the action 'j_security_check' in the struts-config.xml file ... Is there a way I can get Struts to ignore this ( not look it up ) so that the container can capture this request? Darren. P.S. I DID search the archives with no lucl. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
using tiles and j_security_check
Hello, I am using tomcat's realm authentication to protect my struts 1.1 app. The actual form is constructed using tiles. This works fine for the most part but occasionaly I will submit the login form and get stuck at a blank page with a url of http:/mysite/j_security_check Usually I have to retry it a few times and then it will work. Has anyone seen this behavior? Should I feed tiles a plain html and not use tiles for that? I am also looking to see if this could be some kind of session problem. Of course the first time this problem showed up was when I was demoing my struts app in front of the suits. argh! -- Vincent Stoessel Linux Systems Developer vincent xaymaca.com smime.p7s Description: S/MIME Cryptographic Signature
Re: using tiles and j_security_check
Vincent Stoessel wrote: Hello, I am using tomcat's realm authentication to protect my struts 1.1 app. The actual form is constructed using tiles. This works fine for the most part but occasionaly I will submit the login form and get stuck at a blank page with a url of http:/mysite/j_security_check Odd - can't imagine what it could be. I would be inclined to say it's a server issue, but I have nothing to substantiate that. Having j_security_check appear in the address bar indicates to me that things are processing right. What is your server setup? Did you demo under a different setup than you developed under? Usually I have to retry it a few times and then it will work. Has anyone seen this behavior? Should I feed tiles a plain html and not use tiles for that? I am also looking to see if this could be some kind of session problem. Of course the first time this problem showed up was when I was demoing my struts app in front of the suits. argh! D'oh! That ... sucks :-O -- Eddie Bush -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: using tiles and j_security_check
This happens to me infrequently running a web app from my IDE - the context for tomcat gets screwed up and the submit for the form based auth does not return to the container correctly. This has never happened with a WAR deployed to Tomcat - only through the IDE (Together). The IDE is using Tomcat 3.2. I use Tiles with struts 1.1b2 on Tomcat 4.1.9 and have never had the same issue. Cal http://www.calandva.com/ -Original Message- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 12:53 To: Struts Users Mailing List Subject: Re: using tiles and j_security_check Vincent Stoessel wrote: Hello, I am using tomcat's realm authentication to protect my struts 1.1 app. The actual form is constructed using tiles. This works fine for the most part but occasionaly I will submit the login form and get stuck at a blank page with a url of http:/mysite/j_security_check Odd - can't imagine what it could be. I would be inclined to say it's a server issue, but I have nothing to substantiate that. Having j_security_check appear in the address bar indicates to me that things are processing right. What is your server setup? Did you demo under a different setup than you developed under? Usually I have to retry it a few times and then it will work. Has anyone seen this behavior? Should I feed tiles a plain html and not use tiles for that? I am also looking to see if this could be some kind of session problem. Of course the first time this problem showed up was when I was demoing my struts app in front of the suits. argh! D'oh! That ... sucks :-O -- Eddie Bush -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: How to set locale using j_security_check
Hi Mike, By default the user's locale will be set to that specified by their browser. If you want to give users the option of changing their locale you would have to display supported locales on a form (drop down, graphics etc) let the user pick a locale and post to an action then as you have already spotted use the setLocale method on the Action class to set the users locale to that specified. There may be a way - using LDAP and/or RDBMS and/or custom realms in WLS to set the locale to a value specified in the realm for the user; not sure off the top of my head - never seen one - but I'll have a look into it for you... If you really wanted to do this the easiest way would be to forward to an Action in your secured area (to initiate FORM based auth), say domain.com/secure/main.do and have the action get their locale from persistent store and set it before forwarding onto the domain.com/secure/main.jsp. Jon Ridgway -Original Message- From: Michael Lee [mailto:[EMAIL PROTECTED]] Sent: 06 September 2002 14:56 To: Struts Users Mailing List Subject: How to set locale using j_security_check I use container managed security in WLS using j_security_check. I have multiple languages. I want to load a user object with a locale and set it for that user as long as he is logged in (Action.setLocale(request, locale)??). How would I do this if the container is handling log in for me? For example lets say I want to go to domain.com/main.jsp but first it sends me to domain.com/login.html. The container would then authenticate and send me to main.jsp. I want to intercept this return and log in the user and set the local so he can see his language ApplicationResources.properties. Any hints? (I know this group has em! This is the best damn email group in the world, I swear) thanks, Mike The contents of this email are intended only for the named addressees and may contain confidential and/or privileged material. If received in error please contact UPCO on +44 (0) 113 201 0600 and then delete the entire e-mail from your system. Unauthorised review, distribution, disclosure or other use of this information could constitute a breach of confidence. Your co-operation in this matter is greatly appreciated. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: How to set locale using j_security_check
Thanks but it still seems open.. We do give the user the ability to choose language. If you really wanted to do this the easiest way would be to forward to an Action in your secured area (to initiate FORM based auth), say domain.com/secure/main.do and have the action get their locale from persistent store and set it before forwarding onto the domain.com/secure/main.jsp. This is kind of what I was asking... This can't be uncommon for struts users (as most are probably working in a J2EE environment and using container managed security 'j_security_check'). I want to store the user object in the session. Included in that object is the locale. Problem is, using container managed security it will forward to the page they requested and it will not have the locale set by the user on last log in. Help! Mike - Original Message - From: Jon.Ridgway [EMAIL PROTECTED] To: 'Struts Users Mailing List' [EMAIL PROTECTED] Sent: Friday, September 06, 2002 11:06 AM Subject: RE: How to set locale using j_security_check Hi Mike, By default the user's locale will be set to that specified by their browser. If you want to give users the option of changing their locale you would have to display supported locales on a form (drop down, graphics etc) let the user pick a locale and post to an action then as you have already spotted use the setLocale method on the Action class to set the users locale to that specified. There may be a way - using LDAP and/or RDBMS and/or custom realms in WLS to set the locale to a value specified in the realm for the user; not sure off the top of my head - never seen one - but I'll have a look into it for you... If you really wanted to do this the easiest way would be to forward to an Action in your secured area (to initiate FORM based auth), say domain.com/secure/main.do and have the action get their locale from persistent store and set it before forwarding onto the domain.com/secure/main.jsp. Jon Ridgway -Original Message- From: Michael Lee [mailto:[EMAIL PROTECTED]] Sent: 06 September 2002 14:56 To: Struts Users Mailing List Subject: How to set locale using j_security_check I use container managed security in WLS using j_security_check. I have multiple languages. I want to load a user object with a locale and set it for that user as long as he is logged in (Action.setLocale(request, locale)??). How would I do this if the container is handling log in for me? For example lets say I want to go to domain.com/main.jsp but first it sends me to domain.com/login.html. The container would then authenticate and send me to main.jsp. I want to intercept this return and log in the user and set the local so he can see his language ApplicationResources.properties. Any hints? (I know this group has em! This is the best damn email group in the world, I swear) thanks, Mike The contents of this email are intended only for the named addressees and may contain confidential and/or privileged material. If received in error please contact UPCO on +44 (0) 113 201 0600 and then delete the entire e-mail from your system. Unauthorised review, distribution, disclosure or other use of this information could constitute a breach of confidence. Your co-operation in this matter is greatly appreciated. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
j_security_check, jaas and weblogic 6.1
I have to do security for the company I am at. I have never used j_security_check, jaas or weblogic 6.1 RDBMS (we have a database for authentication/authorization). I read all through the examples on j_security_check, jaas and WLS RDBMS out there I could get my hands on. There seems to be no good real world examples of how to tie all these together. The reason I'm having an issue is struts is the middle man, the controller so he is key to it all. I know i configure j_security_check in my web.xml to point to use form authentication, i know all about deployment descriptor configuration for ejb, war, etc. This is not the problem. I don't see how JAAS fits into j_security_check? I also dont see how struts fits into it either? Do I need to also add a login.do? I need to get the locale for the user from the database and figured I would do this at the login. JAAS wants LoginContext.login(), most j2ee say j_security_check and struts examples have login.do (this is the way I've typically done it). Help! I can't find any real world examples to tie all these together! thanks! Mike Lee -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check, jaas and weblogic 6.1
JAAS is not relevant if you're using container-managed security. You'll need to set up users in whatever user database your container (WebLogic in your case) provides. Struts also has nothing to do with this -- although you can use role information with tags like logic:present or the roles attribute on an action if you want to. JAAS would only be relevant if you wanted to do application-managed security instead, or if you were implementing the container itself. Craig On Mon, 26 Aug 2002, Michael Lee wrote: Date: Mon, 26 Aug 2002 12:21:12 -0400 From: Michael Lee [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: j_security_check, jaas and weblogic 6.1 I have to do security for the company I am at. I have never used j_security_check, jaas or weblogic 6.1 RDBMS (we have a database for authentication/authorization). I read all through the examples on j_security_check, jaas and WLS RDBMS out there I could get my hands on. There seems to be no good real world examples of how to tie all these together. The reason I'm having an issue is struts is the middle man, the controller so he is key to it all. I know i configure j_security_check in my web.xml to point to use form authentication, i know all about deployment descriptor configuration for ejb, war, etc. This is not the problem. I don't see how JAAS fits into j_security_check? I also dont see how struts fits into it either? Do I need to also add a login.do? I need to get the locale for the user from the database and figured I would do this at the login. JAAS wants LoginContext.login(), most j2ee say j_security_check and struts examples have login.do (this is the way I've typically done it). Help! I can't find any real world examples to tie all these together! thanks! Mike Lee -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check, jaas and weblogic 6.1
Thank you! You are the ONLY place I've heard this! Now everything seems to make more sense. I was just going to use j_security_check hooked into Weblogic RDBMS and put the user in the session for authentication from there on in (JNDI security to EJB). So this looks like the right path? No offense, but is this right? BEA recommends you use JAAS all over the place. I'm mainly going to use ACL in the deployment descriptors for my web app and ejbs. I also noticed that almost all JAAS implementations were at the java client layer. Few were servlets, etc. This would make sense with what your saying because no container would exist at a pure java client layer (such as with the JAAS RMI example that comes with weblogic). BTW, EXCELLENT job with struts Craig and team. I have 2 systems IN PRODUCTION! using struts. They wrote one at the job I'm at and I recommended struts to replace it. We are now going full steam ahead with struts! thanks, Mike Lee - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Monday, August 26, 2002 12:52 PM Subject: Re: j_security_check, jaas and weblogic 6.1 JAAS is not relevant if you're using container-managed security. You'll need to set up users in whatever user database your container (WebLogic in your case) provides. Struts also has nothing to do with this -- although you can use role information with tags like logic:present or the roles attribute on an action if you want to. JAAS would only be relevant if you wanted to do application-managed security instead, or if you were implementing the container itself. Craig On Mon, 26 Aug 2002, Michael Lee wrote: Date: Mon, 26 Aug 2002 12:21:12 -0400 From: Michael Lee [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: j_security_check, jaas and weblogic 6.1 I have to do security for the company I am at. I have never used j_security_check, jaas or weblogic 6.1 RDBMS (we have a database for authentication/authorization). I read all through the examples on j_security_check, jaas and WLS RDBMS out there I could get my hands on. There seems to be no good real world examples of how to tie all these together. The reason I'm having an issue is struts is the middle man, the controller so he is key to it all. I know i configure j_security_check in my web.xml to point to use form authentication, i know all about deployment descriptor configuration for ejb, war, etc. This is not the problem. I don't see how JAAS fits into j_security_check? I also dont see how struts fits into it either? Do I need to also add a login.do? I need to get the locale for the user from the database and figured I would do this at the login. JAAS wants LoginContext.login(), most j2ee say j_security_check and struts examples have login.do (this is the way I've typically done it). Help! I can't find any real world examples to tie all these together! thanks! Mike Lee -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: j_security_check, jaas and weblogic 6.1
On Mon, 26 Aug 2002, Michael Lee wrote: Date: Mon, 26 Aug 2002 14:29:44 -0400 From: Michael Lee [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Subject: Re: j_security_check, jaas and weblogic 6.1 Thank you! You are the ONLY place I've heard this! Now everything seems to make more sense. I was just going to use j_security_check hooked into Weblogic RDBMS and put the user in the session for authentication from there on in (JNDI security to EJB). So this looks like the right path? If BEA did things correctly, you shouldn't have to do anything special about saving the user in the session for EJB authentication -- the same user identity should be carried over automatically. No offense, but is this right? BEA recommends you use JAAS all over the place. I'm mainly going to use ACL in the deployment descriptors for my web app and ejbs. I also noticed that almost all JAAS implementations were at the java client layer. Few were servlets, etc. This would make sense with what your saying because no container would exist at a pure java client layer (such as with the JAAS RMI example that comes with weblogic). JAAS is what I'd use if I was writing the back end of WebLogic's servlet container. But web applications that run inside the container should not have to know anything about it. As you note, client apps don't have that kind of container support, so a roll your own solution based on JAAS makes more sense there. BTW, EXCELLENT job with struts Craig and team. I have 2 systems IN PRODUCTION! using struts. They wrote one at the job I'm at and I recommended struts to replace it. We are now going full steam ahead with struts! thanks, Mike Lee Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
'j_security_check' and unsecured resource access
Hi, Has anyone encountered the following situation using form-based auth in catalina? 1. login successfully using 'j_security_check'; 2. the next request happens to be to an unsecured url (e.g. /do/frontpage (with no restrictions in web.xml) -- DispatchServlet -- user.frontpage (tiles)) ; 3. the request methods 'getUserPrincipal()', 'isUserInRole()' and 'getRemoteUser()' tell me the user is not logged in (in DispatchServlet)! (I'm using jboss244+tomcat401, struts1.0, tiles) I heard this might be an issue with jboss. Can anyone confirm? Joe -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: 'j_security_check' and unsecured resource access
1. login successfully using 'j_security_check'; 2. the next request happens to be to an unsecured url (e.g. /do/frontpage (with no restrictions in web.xml) -- DispatchServlet -- user.frontpage (tiles)) ; 3. the request methods 'getUserPrincipal()', 'isUserInRole()' and 'getRemoteUser()' tell me the user is not logged in (in DispatchServlet)! (I'm using jboss244+tomcat401, struts1.0, tiles) I don't know how JBoss behaves, but this is exactly how WebSphere behaves. -TPP -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: j_security_check
I'm on the phone with IBM at this moment. The scoop I got from searching the WEbsphere newsgroup was that 4.02 broke the forwarding for form-based security. That's what I was experiencing, and the message said that the fix was only available by calling IBM support. Supposedly efix PQ56667 fixes the problem. That's what I'm trying to get right now. I'll let you know if it works. I'm also experiencing problems (documented on this list) in that WebSphere handles responseRedirects differently than tomcat (you end up with duplicate context roots in the path ( like http://myapp.com/root/root/do/action ). I'd be curious if anyone has a workaround for this other than the Struts source patch suggested earlier. Lee -Original Message- From: Dave J Dandeneau [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 11:18 AM To: Struts Users Mailing List Cc: Tero P Paananen Subject: j_security_check We're currently implementing an application using Struts on WebSphere. We're running into some issues regarding J2EE security (j_security_check et.al.). Are there other folks on the list who have implemented applications using Struts with WebSphere and have done work with J2EE security? We're having a hard time getting IBM to verify our approach(es) to problems we're facing (basically they want to sell us consulting work to answer a yes/no question). We'd love to hear from somebody on the list who's gone/going through the same thing. Thanks -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Cannot retrieve mapping for action /j_security_check
Hello all, I looked in the archives but couldn't find an answer to my question. I'd like to convert my working form-based login page to use struts' html form taglib. I get the following Exception when trying to load login.jsp: javax.servlet.ServletException: Cannot retrieve mapping for action /j_security_check I was hoping someone could help out with the conversion. This works: form name=login action=j_security_check method=POST table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdinput type=text name=j_username size=20/td /tr tr th align=rightPassword:/th tdinput type=password name=j_password size=20/td /tr tr align=center td colspan=2input type=submit value=Login/td /tr /table /form This does not: html:form action=j_security_check focus=j_username table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdhtml:text property=j_username//td /tr tr th align=rightPassword:/th tdhtml:password property=j_password//td /tr tr align=center td colspan=2html:submitLogin/html:submit/td /tr /table /html:form I'm hoping all I need to do is add an entry in struts-config.xml, but I'm not sure what that entry should be. Any help would be appreciated. -ryan
RE: Cannot retrieve mapping for action /j_security_check
You will need to add the Action mapping in your struts-config.xml file. You will also need the form-bean mapping that your form will use to pass the form data to the action class. Here is an example. form-beans !-- Loin form bean -- form-bean name=loginForm type=com.dextera.examples.forms.LoginForm/ /form-beans action-mappings !-- Process a user login -- actionpath=/login type=com.dextera.examples.actions.LoginAction name=loginForm scope=request input=/login.jsp forward name=success path=/home.jsp/ /action-mappings All in all you will need the following: 1. A form bean to carry the data 2. Action servlet to perform your action 3. Form bean declaration in struts-config 4. Action mapping in struts-config Good luck. Jay Patel 972-701-9773 972-849-0373 Mobile [EMAIL PROTECTED] -Original Message- From: Shriver, Ryan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 2:26 PM To: '[EMAIL PROTECTED]' Subject: Cannot retrieve mapping for action /j_security_check Hello all, I looked in the archives but couldn't find an answer to my question. I'd like to convert my working form-based login page to use struts' html form taglib. I get the following Exception when trying to load login.jsp: javax.servlet.ServletException: Cannot retrieve mapping for action /j_security_check I was hoping someone could help out with the conversion. This works: form name=login action=j_security_check method=POST table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdinput type=text name=j_username size=20/td /tr tr th align=rightPassword:/th tdinput type=password name=j_password size=20/td /tr tr align=center td colspan=2input type=submit value=Login/td /tr /table /form This does not: html:form action=j_security_check focus=j_username table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdhtml:text property=j_username//td /tr tr th align=rightPassword:/th tdhtml:password property=j_password//td /tr tr align=center td colspan=2html:submitLogin/html:submit/td /tr /table /html:form I'm hoping all I need to do is add an entry in struts-config.xml, but I'm not sure what that entry should be. Any help would be appreciated. -ryan
RE: Cannot retrieve mapping for action /j_security_check
If you are using container-managed authentication, why use a Struts FormBean? You can get the username from the container using the getCallPrincipal() method of HttpServletRequest to get the logged in user's principal. If you absolutely want to use an ActionForm via Struts, keep reading. You will need to create a FormBean with 2 fields of type String. -- Code for LoginForm.java -- package com.yourcompany.yourapp.LoginForm; //import statements here public class LoginForm extends ActionForm { protected String j_username; protected String j_password; public LoginForm() { super(); } public void setJ_username(String j_username) { this.j_username = j_username; } public String getJ_username() { return j_username; } public void setJ_password(String j_password) { this.j_password = j_password; } public String getJ_password() { return j_password; } //other methods for ActionForm } -- End Code -- You will also have to supply the name and type parameters in the html:form tag -- code for login.jsp -- html:form name=loginForm action=j_security_check method=POST type=com.yourcompany.yourapp.LoginForm scope=session %-- Other html elements --% /html:form -- end code -- You will also need to declare your LoginForm inside struts-config.xml -- code for struts-config.xml -- struts-config form-beans form-bean name=loginForm type=com.yourcompany.yourapp.LoginForm/ !-- other form-bean declarations -- /form-beans !-- other struts-config elements -- /struts-config -- end code -- That should be it, just make sure you setup your web.xml file to use form-based login. James Hicks -Original Message- From: Shriver, Ryan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 2:50 PM To: 'Jay Patel '; ''[EMAIL PROTECTED]' ' Subject: RE: Cannot retrieve mapping for action /j_security_check Thanks for the quick reply but this seems like too much work just to get some consistency across my .jsp forms. I would think there would be a way for struts to let forms posted to j_security_check pass through to the servlet container instead of the normal Action classes. I want the container, not Struts, to do my authentication/authorization. Thanks for the help though. -ryan -Original Message- From: Jay Patel To: '[EMAIL PROTECTED]' Sent: 8/24/2001 3:41 PM Subject: RE: Cannot retrieve mapping for action /j_security_check You will need to add the Action mapping in your struts-config.xml file. You will also need the form-bean mapping that your form will use to pass the form data to the action class. Here is an example. form-beans !-- Loin form bean -- form-bean name=loginForm type=com.dextera.examples.forms.LoginForm/ /form-beans action-mappings !-- Process a user login -- actionpath=/login type=com.dextera.examples.actions.LoginAction name=loginForm scope=request input=/login.jsp forward name=success path=/home.jsp/ /action-mappings All in all you will need the following: 1. A form bean to carry the data 2. Action servlet to perform your action 3. Form bean declaration in struts-config 4. Action mapping in struts-config Good luck. Jay Patel 972-701-9773 972-849-0373 Mobile [EMAIL PROTECTED] -Original Message- From: Shriver, Ryan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 2:26 PM To: '[EMAIL PROTECTED]' Subject: Cannot retrieve mapping for action /j_security_check Hello all, I looked in the archives but couldn't find an answer to my question. I'd like to convert my working form-based login page to use struts' html form taglib. I get the following Exception when trying to load login.jsp: javax.servlet.ServletException: Cannot retrieve mapping for action /j_security_check I was hoping someone could help out with the conversion. This works: form name=login action=j_security_check method=POST table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdinput type=text name=j_username size=20/td /tr tr th align=rightPassword:/th tdinput type=password name=j_password size=20/td /tr tr align=center td colspan=2input type=submit value=Login/td /tr /table /form This does not: html:form action=j_security_check focus=j_username table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdhtml:text property=j_username//td /tr tr th align=rightPassword:/th tdhtml:password property=j_password//td /tr tr align=center td colspan=2html:submitLogin/html:submit/td /tr /table /html:form I'm hoping all I need to do is add an entry in struts-config.xml, but I'm not sure what that entry should be. Any help would be appreciated. -ryan
RE: Cannot retrieve mapping for action /j_security_check
Thanks for the quick reply but this seems like too much work just to get some consistency across my .jsp forms. I would think there would be a way for struts to let forms posted to j_security_check pass through to the servlet container instead of the normal Action classes. I want the container, not Struts, to do my authentication/authorization. Thanks for the help though. -ryan -Original Message- From: Jay Patel To: '[EMAIL PROTECTED]' Sent: 8/24/2001 3:41 PM Subject: RE: Cannot retrieve mapping for action /j_security_check You will need to add the Action mapping in your struts-config.xml file. You will also need the form-bean mapping that your form will use to pass the form data to the action class. Here is an example. form-beans !-- Loin form bean -- form-bean name=loginForm type=com.dextera.examples.forms.LoginForm/ /form-beans action-mappings !-- Process a user login -- actionpath=/login type=com.dextera.examples.actions.LoginAction name=loginForm scope=request input=/login.jsp forward name=success path=/home.jsp/ /action-mappings All in all you will need the following: 1. A form bean to carry the data 2. Action servlet to perform your action 3. Form bean declaration in struts-config 4. Action mapping in struts-config Good luck. Jay Patel 972-701-9773 972-849-0373 Mobile [EMAIL PROTECTED] -Original Message- From: Shriver, Ryan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 2:26 PM To: '[EMAIL PROTECTED]' Subject: Cannot retrieve mapping for action /j_security_check Hello all, I looked in the archives but couldn't find an answer to my question. I'd like to convert my working form-based login page to use struts' html form taglib. I get the following Exception when trying to load login.jsp: javax.servlet.ServletException: Cannot retrieve mapping for action /j_security_check I was hoping someone could help out with the conversion. This works: form name=login action=j_security_check method=POST table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdinput type=text name=j_username size=20/td /tr tr th align=rightPassword:/th tdinput type=password name=j_password size=20/td /tr tr align=center td colspan=2input type=submit value=Login/td /tr /table /form This does not: html:form action=j_security_check focus=j_username table border=3 cellpadding=2 cellspacing=2 align=center tr th align=rightUsername:/th tdhtml:text property=j_username//td /tr tr th align=rightPassword:/th tdhtml:password property=j_password//td /tr tr align=center td colspan=2html:submitLogin/html:submit/td /tr /table /html:form I'm hoping all I need to do is add an entry in struts-config.xml, but I'm not sure what that entry should be. Any help would be appreciated. -ryan
Re: j_security_check form authentication controlled in WAR context?
On Thu, 15 Mar 2001, Richard Yumul wrote: Is there a way to define the authenticating class within the WAR context? I like the way SimpleRealm JDBCRealm work, automatically protecting every resource matching a regex. However if I need a custom realm, I'd really prefer to have it be deployable in the war (would work across servlet containers) not have to customize tomcat. If not, how are other people getting around this, other than putting a custom tag (or something) on every jsp page? There is no portable API in the servlet spec defining how a container should talk to the authentication realm. This was considered in the process leading up to the 2.3 (proposed final draft) spec, but we didn't have time to settle on a standardized interface :-(. Thus, you are stuck having to conform to the APIs that each container provides for this purpose (for example, in Tomcat you would build your own Realm implementation). However, your apps themselves would all be portable. TIA, Rich Craig McClanahan
j_security_check form authentication controlled in WAR context?
Is there a way to define the authenticating class within the WAR context? I like the way SimpleRealm JDBCRealm work, automatically protecting every resource matching a regex. However if I need a custom realm, I'd really prefer to have it be deployable in the war (would work across servlet containers) not have to customize tomcat. If not, how are other people getting around this, other than putting a custom tag (or something) on every jsp page? TIA, Rich Richard M. Yumul Polexis, Inc. Direct: 619-542-7209 Fax: 619-542-8675 http://www.polexis.com transforming data into knowledge